Event Fields - Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual

1.4.3 Event Fields

Each event has fields that might or might not be populated, depending on the specific event. The
values for these event fields can be viewed by using a search or running a report. Each field has a
short name that is used in advanced searches. The values for most of these fields are visible in the
detailed event view; other values are also visible in the basic event view.

Table 1-2 Event Fields

| Field | Short Name | Description | Visible in Basic View | Visible in Detailed View |
|---|---|---|---|---|
| Severity | sev | Normalized severity of the event on a scale of 0 (informational) to 5 (critical). | X | X |
| EventTime | dt | Time stamp of the event. Can be the Sentinel Rapid Deployment server time stamp or the time stamp from the original event source (if trust event time is enabled). | X | X |
| EventName | evt | Short name of the event. | X | X |
| Message | msg | Detailed event message. | Invisible | X |
| ProductName | pn | Product that generated the event; the event source. Displayed after the event name. | X | X |
| InitUserName | sun | Username of the user who initiated the event. | X | X |
| InitUserID | iuid | User ID of the user who initiated the event, based on the raw data reported by the device. | Invisible | X |
| InitUserDomain | rv35 | Domain of the user who initiated the event. Searchable but not displayed in either event view. | Invisible | Invisible |
| InitHostName | shn | Hostname of the machine from which the event initiated. | X | X |
| InitHostDomain | rv42 | Domain of the machine from which the event initiated. | X | X |
| InitIP | sip | IP address of the machine from which the event initiated. | Invisible | X |
| InitServicePort | spint | Port number from which the event initiated (for example, HTTP). | Invisible | X |
| InitServicePortName | sp | Type of port from which the event initiated (for example, HTTP). | Invisible | X |
| TargetUserName | dun | Username of the user who was the target of the event. | X | X |

Managing Sentinel 6.1 Rapid Deployment Through the Web Interface

This manual is also suitable for:

Sentinel rapid deployment 6.1
